zoneminder/distros/ubuntu1604
Pliable Pixels fc27393a96 Replace MySQL Password() with bcrypt, allow for alternate JWT tokens (#2598)
* added sha1 and bcrypt submodules

* added bcrypt and sha to src build process

* added test sha1 and bcrypt code to validate working

* bcrypt auth migration in PHP land

* added include path

* add sha source

* added bcrypt to others

* put link_dir ahead of add_executable

* fixed typo

* try add_library instead

* absolute path

* absolute path

* build bcrypt as static

* move to wrapper

* move to fork

* logs tweak

* added lib-ssl/dev for JWT signing

* Moved to openSSL SHA1, initial JWT plugin

* removed vog

* fixed SHA1 algo

* typo

* use php-jwt, use proper way to add PHP modules, via composer

* fixed module path

* first attempt to fix cast error

* own fork

* own fork

* add composer vendor directory

* go back to jwt-cpp as PR merged

* moved to jwt-cpp after PR merge

* New token= query for JWT

* Add JWT token creation, move old code to a different function for future deprecation, simplified code for ZM_XX parameter reading

* JWT integration, validate JWT token via validateToken

* added token validation to zms/zmu/zmuser

* add token to command line for zmu

* move decode inside try/catch

* exception handling for try/catch

* fix db read, forgot to exec query

* remove allowing auth_hash_ip for token

* support refresh tokens as well for increased security

* remove auth_hash_ip

* Error out if used did not create an AUTH_HASH_SECRET

* fixed type conversion

* make sure refresh token login doesn't generate another refresh token

* fix absolute path

* move JWT/Bcrypt inside zm_crypt

* move sha headers out

* move out sha header

* handle case when supplied password is hashed, fix wrong params in AppController

* initial baby step for api tab

* initial plumbing to introduce token expiry and API bans per user

* remove M typo

* display user table in api

* added revoke all tokens code, removed test code

* use strtoul for conversion

* use strtoul for conversion

* use strtoul for conversion

* more fixes

* more fixes

* add mintokenexpiry to DB seek

* typo

* add ability to revoke tokens and enable/disable APIs per user

* moved API enable back to system

* comma

* enable API options only if API enabled

* move user creation to bcrypt

* added password_compat for PHP >=5.3 <5.5

* add Password back so User object indexes don't change

* move token index after adding password

* demote logs

* make old API auth optional, on by default

* make old API auth mechanism optional

* removed stale code

* forgot to checkin update file

* bulk overlay hash mysql encoded passwords

* add back ssl_dev, got deleted

* fix update script

* added token support to index.php

* reworked API document for new changes in 2.0

* Migrate from libdigest to crypt-eks-blowfish due to notice

* merge typo

* css classess for text that disappear

* fixed html typo

* added deps to ubuntu control files

* spaces

* removed extra line

* when regenerating using refresh tokens, username needs to be derived from the refresh token, as no session would exist

* add libssl1.0.0 for ubuntu 16/12

* small API fixes

* clean up of API, remove redundant sections

* moved to ZM fork for bcrypt

* whitespace and google code style

* regenerate auth hash if doing password migration

* dont need AUTH HASH LOGIN to be on

* Add auth hash verification to the user logged in already case

* fix missing ]

* reject requests if per user API disabled
2019-05-24 13:48:40 -04:00
..
conf/apache2 Grant access to the new cache directory in Apache on Ubuntu (#2130) 2018-06-18 10:18:55 -04:00
examples Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
patches Don't create symlinks in ZoneMinder webroot (#1923) 2017-07-21 08:18:13 -04:00
source merge updates from SA relating to building debian packages 2017-05-26 22:25:59 -04:00
NEWS Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
README.Debian merge proposed changes in ubuntu1804 folder -> ubuntu1604 folder instead 2018-03-13 09:28:11 -05:00
TODO.Debian Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
changelog Merge ../ZoneMinder.master into storageareas 2018-03-06 12:29:59 -05:00
clean Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
compat Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
control Replace MySQL Password() with bcrypt, allow for alternate JWT tokens (#2598) 2019-05-24 13:48:40 -04:00
copyright Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
gbp.conf Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
libzoneminder-perl.install Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
rules remove ZM_DIR_IMAGES (#2374) 2018-12-29 09:52:58 -05:00
zoneminder-doc.doc-base Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
zoneminder-doc.install Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
zoneminder-doc.links Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
zoneminder.apache2 Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
zoneminder.bug-presubj Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
zoneminder.dirs Migrate Webcache out of webroot (#2083) 2018-04-19 15:01:46 -04:00
zoneminder.docs Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
zoneminder.examples Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
zoneminder.install include conf.d folder contents in debian packaging (#1934) 2017-06-26 14:44:33 -04:00
zoneminder.links Don't create symlinks in ZoneMinder webroot (#1923) 2017-07-21 08:18:13 -04:00
zoneminder.linktrees Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
zoneminder.lintian-overrides Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
zoneminder.logrotate merge updates from SA relating to building debian packages 2017-05-26 22:25:59 -04:00
zoneminder.maintscript Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
zoneminder.manpages Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
zoneminder.postinst test for error code from db creation and if there is an error, die with an error code. (#2611) 2019-05-24 13:47:07 -04:00
zoneminder.postrm Rename ubuntu1504, which is unsupported, to ubuntu 1604. Fix control file 2016-05-01 13:46:09 +10:00
zoneminder.preinst merge proposed changes in ubuntu1804 folder -> ubuntu1604 folder instead 2018-03-13 09:28:11 -05:00
zoneminder.service default service start timeout to 5 minutes. THe default of 1.5 minutes is too short on some larger systems 2018-01-08 16:11:54 -05:00
zoneminder.tmpfile Migrate Webcache out of webroot (#2083) 2018-04-19 15:01:46 -04:00

README.Debian

Zoneminder for Debian
---------------------

Initializing database
---------------------

    pv /usr/share/zoneminder/db/zm_create.sql | sudo mysql --defaults-file=/etc/mysql/debian.cnf
OR
    cat /usr/share/zoneminder/db/zm_create.sql | sudo mysql --defaults-file=/etc/mysql/debian.cnf

    echo 'grant lock tables,alter,create,index,select,insert,update,delete on zm.* to 'zmuser'@localhost identified by "zmpass";'\
    | sudo mysql --defaults-file=/etc/mysql/debian.cnf mysql

Hint: generate secure password with `pwgen` and update "/etc/zm/zm.conf"
accordingly.

The following command can help to ensure that zoneminder can read its
configuration file:

    chgrp -c www-data /etc/zm/zm.conf


Upgrading database
------------------

The database is updated automatically on installation. You should not need to take this step.

Assuming that database is on "localhost" then the following command can be
used to upgrade "zm" database:

    zmupdate.pl

Additional permissions may be required to perform upgrade:

    echo 'grant lock tables, create, alter on zm.* to 'zmuser'@localhost identified by "zmpass";'\
    | sudo mysql --defaults-file=/etc/mysql/debian.cnf mysql

The following command prints the current version of zoneminder database:

    echo 'select Value from Config where Name = "ZM_DYN_CURR_VERSION";' \
    | sudo mysql --defaults-file=/etc/mysql/debian.cnf --skip-column-names zm


Enabling service
----------------

By default Zoneminder service is not automatically started and needs to be
manually enabled once database is configured:

    sudo systemctl enable zoneminder.service


Web server set-up
-----------------

There are few manual steps to get the web interface working:

## Apache2

Apache can be configured as folder "/zm" using sample .conf:

    sudo a2enconf zoneminder

Alternatively Apache web site configuration template can be used to setup
zoneminder as "http://zoneminder":

    sudo cp -v /usr/share/doc/zoneminder/examples/apache.conf /etc/apache2/sites-available/
    sudo a2ensite zoneminder.conf

Common configuration steps for Apache2:

    sudo a2enmod cgi
    sudo service apache2 reload


## nginx / fcgiwrap

Nginx needs "php-fpm" package to support PHP and "fcgiwrap" package
for binary "cgi-bin" applications:

    sudo apt-get install php-fpm fcgiwrap

To enable a URL alias that makes Zoneminder available from

    http://yourserver/zm

the following line is to be added to "server" section of a web site
configuration:

    include /usr/share/doc/zoneminder/examples/nginx.conf;

For "default" web site it would be sufficient to include the above
statement to the file

    /etc/nginx/sites-enabled/default

To avoid problems with feeds from multiple cameras "fcgiwrap" should be
configured to start at least as many processes as there are cameras.
It can be done by adjusting DAEMON_OPTS in "/etc/default/fcgiwrap".
Systemd users may be affected by the following bug:

    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792705


## Note:

When Zoneminder web site is running it may be necessary to set
Options/Paths/PATH_ZMS to "/zm/cgi-bin/nph-zms" or according to chosen web
site configuration.


Changing the location for images and events
-------------------------------------------

ZoneMinder is now able to be configured to use an alternative location for storing
events and images at compile time. This package makes use of that, so symlinks in
/usr/share/zoneminder/www are no longer necessary.

Access to /dev/video*
---------------------

For cameras which require access to /dev/video*, zoneminder may need the
www-data user added to the video group in order to see those cameras:

  adduser www-data video

Note that all web applications running on the zoneminder server will then have
access to all video devices on the system.

 -- Vagrant Cascadian <vagrant@debian.org>  Sun, 27 Mar 2011 13:06:56 -0700